Checkpoint and ISA design

Hi,

I have a checkpoint firewall and ISA 2004 server and I want to implement a front end backend design.

I was think of putting CP External facing Internet and ISA as the backend,

ISA-------CP--------Internet

Any advice of on this ?
skywalker101Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
deimarkConnect With a Mentor Commented:
Either way works well here as the external firewall, however, I tend to prefer the CP FW on the perimeter and ISA on the inside.

Although ISA is a good firewall in itself, I prefer to use a purpose built firewall on the outside and use ISA on the inside.  You can utilise more of the perimeter protections on CP, like the IPS blade etc

Key things to take into account for traffic and rules is where you are doing NAT.  I would pick either CP or ISA to be the master NAT device as natting on each side does add to confusion when debugging any issues

HTH
0
 
skywalker101Author Commented:
Yea Checkpoint will be my master natting device as I find there is a lot more functionality with CP over iSA.
0
All Courses

From novice to tech pro — start learning today.